[Git][security-tracker-team/security-tracker][master] bookworm triage

Mon Aug 26 09:54:24 BST 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2adf6964 by Moritz Muehlenhoff at 2024-08-26T10:11:32+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -168,6 +168,7 @@ CVE-2024-42852 (Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7
 	NOT-FOR-US: AcuToWeb server
 CVE-2024-42845 (An eval Injection vulnerability in the component invesalius/reader/dic ...)
 	- invesalius <unfixed>
+	[bookworm] - invesalius <no-dsa> (Minor issue)
 	NOTE: https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
 CVE-2024-42766 (Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorr ...)
 	NOT-FOR-US: Kashipara Bus Ticket Reservation System
@@ -780,6 +781,7 @@ CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an untru
 	NOT-FOR-US: Russh
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	- ckeditor <unfixed>
+	[bookworm] - ckeditor <no-dsa> (Minor issue)
 	[bullseye] - ckeditor <postponed> (Minor issue)
 	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
 	NOTE: Fixed by removing the plugins/codesnippetgeshi/dev directory completely.
@@ -32112,6 +32114,7 @@ CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to ina
 	NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
 	- sogo 5.11.0-1 (bug #1071163)
+	[bookworm] - sogo <no-dsa> (Minor issue)
 	[buster] - sogo <postponed> (Minor issue)
 	NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 (SOGo-5.11.0)
 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
@@ -63352,6 +63355,7 @@ CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device M
 	NOT-FOR-US: Hitachi
 CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
 	- sogo 5.9.1-1 (bug #1060925)
+	[bookworm] - sogo <no-dsa> (Minor issue)
 	[buster] - sogo <ignored> (Minor issue)
 	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 (SOGo-5.9.1)
 CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a rem ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ opennds
 --
 pymatgen
 --
+python3.11 (jmm)
+--
 python-aiohttp
 --
 python-reportlab
@@ -54,5 +56,7 @@ twisted
 --
 webkit2gtk (berto)
 --
+xen
+--
 zabbix
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adf69643e1290bbfb67556425fe8ad4d3ab583e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2adf69643e1290bbfb67556425fe8ad4d3ab583e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240826/6b49e5e5/attachment-0001.htm>
